Hi,
last week I configured one dynamic VPN profile for VPN client access.
It was working perfectly, 
but after one weekend of changes, I came back to re-connect in VPN from remote location and I found that VPN clients are not any longer able to connect on internal resources.
In the specific:
1) Pulse is connected correctly
2) Connecting on internal resources are not working.
Extract of the configuration:
set security dynamic-vpn access-profile remote_access_profile
set security dynamic-vpn clients wizard-dyn-group remote-protected-resources 10.0.0.0/8
set security dynamic-vpn clients wizard-dyn-group ipsec-vpn wizard_dyn_vpn
set security dynamic-vpn clients wizard-dyn-group user vpn123
set access profile remote_access_profile client test123 firewall-user password "$9$Lyoxdb4aUji.hSlvW8dV/9A0IcLX-w2aFnRSeWN-4oJGjq/9pOBE"
set access profile remote_access_profile address-assignment pool dyn-vpn-address-pool
set access address-assignment pool dyn-vpn-address-pool family inet network 172.16.0.0/24
set access address-assignment pool dyn-vpn-address-pool family inet range d-range low 172.16.0.150
set access address-assignment pool dyn-vpn-address-pool family inet range d-range high 172.16.0.200
set access address-assignment pool dyn-vpn-address-pool family inet xauth-attributes primary-dns 10.20.20.100/32
set access firewall-authentication pass-through default-profile remote_access_profile
set access firewall-authentication web-authentication default-profile remote_access_profile
set security nat source rule-set Zone_CONTACT-INSIDE-Zone_I-1 from zone CONTACT-INSIDE
set security nat source rule-set Zone_CONTACT-INSIDE-Zone_I-1 to zone INTERNET
set security nat source rule-set Zone_CONTACT-INSIDE-Zone_I-1 rule NO_NAT-VPN_Client match source-address-name vpn-clinet_net
set security nat source rule-set Zone_CONTACT-INSIDE-Zone_I-1 rule NO_NAT-VPN_Client match destination-address-name HQ_net
set security nat source rule-set Zone_CONTACT-INSIDE-Zone_I-1 rule NO_NAT-VPN_Client then source-nat off
set security policies from-zone INTERNET to-zone CONTACT-INSIDE policy VPN_Admin match source-address any
set security policies from-zone INTERNET to-zone CONTACT-INSIDE policy VPN_Admin match destination-address any
set security policies from-zone INTERNET to-zone CONTACT-INSIDE policy VPN_Admin match application any
set security policies from-zone INTERNET to-zone CONTACT-INSIDE policy VPN_Admin then permit tunnel ipsec-vpn wizard_dyn_vpn
set security policies from-zone INTERNET to-zone CONTACT-INSIDE policy VPN_Admin then log session-close
set security policies from-zone INTERNET to-zone CONTACT-INSIDE policy VPN_Admin then count
Maybe more relvant, (but I didn't find something of specific), is the debug trace log:
Apr 27 11:48:52 11:48:52.496206:CID-0:RT:jsf sess close notify
Apr 27 11:48:52 11:48:52.496206:CID-0:RT:flow_ipv4_del_flow: sess 7775, in hash 32
Apr 27 11:48:52 11:48:52.496206:CID-0:RT:flow_ipv4_del_flow: sess 7775, in hash 32
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:<172.16.0.165/33539->10.10.10.254/1;1> matched filter filter1:
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:packet [60] ipid = 17960, @0x43e77e5a
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 1, common flag 0x0, mbuf 0x43e77c00, rtbl_idx = 0
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow process pak, mbuf 0x43e77c00, ifl 0, ctxt_type 1 inq type 6
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: in_ifp <junos-host:.local..0>
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 0x67099470
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:host inq check inq_type 0x6
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:tifp NULL
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:pkt out of tunnel.Proceed normally
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: pp0.0:172.16.0.165->10.10.10.254, icmp, (8/0)
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: find flow: table 0x5db6db28, hash 39479(0xffff), sa 172.16.0.165, da 10.10.10.254, sp 33539, dp 1, proto 1, tok 16395
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: no session found, start first path. in_tunnel - 0x6027cdf8, from_cp_flag - 0
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: flow_first_create_session
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:First path alloc and instl pending session, natp=0x600ae428, id=5614
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: flow_first_in_dst_nat: in <pp0.0>, out <N/A> dst_adr 10.10.10.254, sp 33539, dp 1
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: chose interface pp0.0 as incoming nat if.
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 10.10.10.254(1)
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_first_routing: vr_id 4, call flow_route_lookup(): src_ip 172.16.0.165, x_dst_ip 10.10.10.254, in ifp pp0.0, out ifp N/A sp 33539, dp 1, ip_proto 1, tos 0
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:Doing DESTINATION addr route-lookup
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_ipv4_rt_lkup success 10.10.10.254, iifl 0x55, oifl 0x46
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: routed (x_dst_ip 10.10.10.254) from INTERNET (pp0.0 in 0) to vlan.10, Next-hop: 10.10.10.254
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_first_policy_search: policy search from zone INTERNET-> zone CONTACT-INSIDE (0x0,0x83030001,0x1)
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:Policy lkup: vsys 0 zone(11:INTERNET) -> zone(6:CONTACT-INSIDE) scope:0
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: 172.16.0.165/2048 -> 10.10.10.254/51799 proto 1
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: app 0, timeout 60s, curr ageout 60s
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: permitted by policy VPN_Admin(41)
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: packet passed, Permitted by policy.
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_first_src_xlate: nat_src_xlated: False, nat_src_xlate_failed: False
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_first_src_xlate: incoming src port is : 33539.
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_first_src_xlate: src nat returns status: 1, rule/pool id: 4/0, pst_nat: False.
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: dip id = 0/0, 172.16.0.165/33539->172.16.0.165/33539 protocol 0
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: choose interface vlan.10(P2P) as outgoing phy if
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:is_loop_pak: No loop: on ifp: vlan.10, addr: 10.10.10.254, rtt_idx:4
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:-jsf : Alloc sess plugin info for session 4294972910
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:[JSF]Normal interest check. regd plugins 27, enabled impl mask 0x0
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: Allocating plugin info block for plugin(6)
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:[JSF] set ext handle 0x562a62a0 for plugin 6 on session 4294972910
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:[JSF]Plugins(0x40, count 1) enabled for session = 4294972910, impli mask(0x0), post_nat cnt 0 svc req(0x5)
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:[JSF]c2s order list:
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: 6
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:[JSF]s2c order list:
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: 6
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_first_service_lookup(): natp(0x600ae428): app_id, 0(0).
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: service lookup identified service 0.
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: flow_first_final_check: in <pp0.0>, out <vlan.10>
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:In flow_first_complete_session
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_first_complete_session, pak_ptr: 0x5c4f9e40, nsp: 0x600ae428, in_tunnel: 0x6027cdf8
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:construct v4 vector for nsp2
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: existing vector list 0x8284-0x5611b168.
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: Session (id:5614) created for first pak 8284
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:first pak processing successful
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: flow_first_install_session======> 0x600ae428
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: nsp 0x600ae428, nsp2 0x600ae4b8
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: make_nsp_ready_no_resolve()
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: reverse route is optional
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:Doing jsf sess create notify
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:-jsf create notify: plugin id 6. rc 3
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:flow_do_jsf_notify_session_creation(): natp(0x600ae428): 0 SHORT_CIRCUITED: 0x00000000.
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:no need update ha
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:Installing s2c NP session wing
Apr 27 11:48:53 11:48:53.820725:CID-0:RT:first path session installation succeeded
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: flow got session.
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: flow session id 5614
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: vector bits 0x8284 vector 0x5611b168
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: ****jsf svc chain: sess id 5614, dir 1, nat_done 0, pak pid 0, first pid 6
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: plugin name junos-jdpi. action JSF_SESSION_ACTION_NONE, stbuf 0x0
Apr 27 11:48:53 11:48:53.820725:CID-0:RT: jsf sess id ignore. sess 5614, pid 6, dir 1, st_buf 0x0.
Apr 27 11:48:54 11:48:53.820725:CID-0:RT: jsf sess id ignore. sess 5614, pid 6, dir 2, st_buf 0x0.
Apr 27 11:48:54 11:48:53.820725:CID-0:RT:All plugins have ignored session :5614
Apr 27 11:48:54 11:48:53.820725:CID-0:RT: existing vector list 0x8204-0x5611b1c8.
Apr 27 11:48:54 11:48:53.820725:CID-0:RT: existing vector list 0x8204-0x5611b1c8.
Apr 27 11:48:54 11:48:53.820725:CID-0:RT:PKT-PROC for plugin junos-jdpi jbuf 0x608d6b50, sess jsf flags 0x0, rc 0
Apr 27 11:48:54 11:48:53.820725:CID-0:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
Apr 27 11:48:54 11:48:53.820725:CID-0:RT: encap vector
Apr 27 11:48:54 11:48:53.820725:CID-0:RT: no more encapping needed
Apr 27 11:48:54 11:48:53.820725:CID-0:RT:mbuf 0x43e77c00, exit nh 0x110010
Apr 27 11:48:54 11:48:53.820725:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x5c4f9e40 associated with mbuf 0x43e77c00
Apr 27 11:48:54 11:48:53.820725:CID-0:RT: ----- flow_process_pkt rc 0x0 (fp rc 0)
Apr 27 11:48:54 11:48:53.825226:CID-0:RT:<10.10.10.254/1->172.16.0.165/33539;1> matched filter filter2:
Apr 27 11:48:54 11:48:53.825226:CID-0:RT:packet [60] ipid = 40725, @0x43e8a79a
Apr 27 11:48:54 11:48:53.825226:CID-0:RT:---- flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x43e8a580, rtbl_idx = 4
Apr 27 11:48:54 11:48:53.825226:CID-0:RT: flow process pak fast ifl 70 in_ifp vlan.10
Apr 27 11:48:54 11:48:53.825226:CID-0:RT: vlan.10:10.10.10.254->172.16.0.165, icmp, (0/0)
Apr 27 11:48:54 11:48:53.825226:CID-0:RT: find flow: table 0x5db6db28, hash 11247(0xffff), sa 10.10.10.254, da 172.16.0.165, sp 1, dp 33539, proto 1, tok 16390
Apr 27 11:48:54 11:48:53.825226:CID-0:RT:Found: session id 0x15ee. sess tok 16390
Apr 27 11:48:54 11:48:53.825226:CID-0:RT: flow got session.
Apr 27 11:48:54 11:48:53.825226:CID-0:RT: flow session id 5614
Apr 27 11:48:54 11:48:53.825226:CID-0:RT:no fto but skip rerouting since route is optional
Apr 27 11:48:54 11:48:53.825226:CID-0:RT: vector bits 0x8204 vector 0x5611b1c8
Apr 27 11:48:54 11:48:53.825226:CID-0:RT:ttl vector, out_tunnel = 0x6027cdf8
Apr 27 11:48:54 11:48:53.825226:CID-0:RT:pre-frag not needed: ipsize: 60, mtu: 1422, nsp2->pmtu: 1422
Apr 27 11:48:54 11:48:53.825226:CID-0:RT: encap vector
Apr 27 11:48:54 11:48:53.825226:CID-0:RT: going into tunnel 67108881 (nsp_tunnel=0x6027cdf8).
Apr 27 11:48:54 11:48:53.825226:CID-0:RT: flow_encrypt: tun 0x6027cdf8, type 1
Apr 27 11:48:54 11:48:53.825226:CID-0:RT:lpak_init: lpak 0x5c775d18, paksize 60, machdr 0x0, iphdr 0x43e8a79a
Apr 27 11:48:54 11:48:53.825226:CID-0:RT: ----- flow_process_pkt rc 0x11 (fp rc 0)
Any suggestion for solve this problem?
Many regards
#dynamicVPN#vpnclient#SRX110